Infinite Minting Exploit Nets Attacker $4.4M
As DeFi protocols continue to heat up within the Ethereum ecosystem, CipherTrace sees more and more exploits and attack vectors come to light. Last week, on December 28, 2020, Cover Protocol's shield mining contract, Blacksmith, was exploited. Hackers took advantage of a bug in the mining contract to mint an infinite number of COVER tokens and extract more than $4.4 million from the project.
Cover Protocol released its post-mortem yesterday, stating that the bug, unknown to developers, has been present since the Blacksmith contract was first deployed, highlighting the importance of thorough security audits and pentests of smart contracts.
A Timeline of the Infinite Mint
The First Attacker's Timeline
- A new Balancer liquidity pool is added to the Blacksmith.sol contract.
- The attacker deposits 1,326,879.99 BPT tokens into the Blacksmith.sol contract.
- The same attacker then executes the exploit by withdrawing funds from the contract.
- The attacker was able to continue minting rewards and withdrawing funds totaling approximately $4.4 million.
In an interesting twist of events, alleged “white hat” hackers associated with Grap Finance also took advantage of the bug to mint COVER tokens valued at around $4 million. Grap Finance eventually returned the funds to the Cover Protocol.
Grap Finance Deployer Externally Owned Account (EOA) Timeline
- A new liquidity pool has been approved for liquidity mining.
- The Grap Finance Deployer EOA deposits 15,255.55 BPT (DAI/Basis) into the pool on Cover via the Blacksmith.sol contract.
- About four minutes later, the funds are withdrawn from Cover, leaving 1 Wei in the Grap Finance Deployer EOA's balance.
- Another external user withdraws most of their balance from the Blacksmith.sol contract around the same time, leaving Grap Finance with all of the liquidity for the DAI/Basis pool in the Blacksmith.sol contract.
- The Grap Finance Deployer deposits 15,255.55 BPT (DAI/Basis) back into the pool.
- The Grap Finance Deployer then claims the rewards and, due to the exploit, mints 40,796,131,214,802,500,000.21 COVER.
- After burning the minted tokens, the Grap Finance Deployer later sends Ether back to Cover, stating, “Mind your own shit next time.”
How to Mint Infinite Tokens – A Technical Analysis
This exploit takes us back to the basics of the Solidity programming language used to implement smart contracts within Ethereum. Once these contracts are compiled, the Ethereum Virtual Machine (EVM) is able to understand the instructions (i.e. opcodes) that are used to perform various functions and manipulate memory and storage. The EVM has three different areas in which it can store data: storage, memory, and the stack. Understanding these areas is important to understanding how the bug was exploited.
Similar to Random Access Memory (RAM) on a computing device, the “memory” keyword within Solidity allocates memory for a specific variable. In this case, the variable is scoped to a specific function. The memory is cleared once the function has been executed, but its contents can persist if they are moved to storage before the function returns.
The “storage” keyword within Solidity lets variables act as pointers into the storage of data in mappings or data structures. Storage data is persistent between function calls and transactions. Under the hood, storage is essentially a key-value store that maps 256-bit words to 256-bit words.
Note that the EVM is not a register machine but a stack machine, so all computations are carried out in a data area called the stack. The stack has a maximum capacity of 1024 items, but only the top 16 are easily accessible, which can be used to swap the top item with any of the 16 items below it, and more.
Hackers exploited Cover Protocol's Blacksmith.sol, a shield mining contract that allows stakers to be rewarded with tokens of the specific project or pool, such as CLAIM and NOCLAIM tokens, within the Cover Protocol.
To better understand the bug, let’s first take a look at the public pool variable, which is a mapping (i.e. data held in storage):
In line 118 we see that the contract temporarily stores the pool data in memory using the keyword “memory”.
Then on line 121 the contract updates the pool in storage, as the updatePool(address _lpToken) function uses a Pool storage pool variable.
However, if you look further down in the deposit(address _lpToken, uint256 _amount) function, it uses the same pool variable from line 118, which has been cached in memory within the function, for the calculations involving pool.accRewardsPerToken. At this point the pool variable has been copied from the pool mapping and stored in memory.
As a result, any changes to the pool variable within the deposit(address _lpToken, uint256 _amount) function do not change the pool mapping in the contract’s on-chain storage, since variables that use the “memory” keyword are only valid within the function itself. From there, the contract updates pool.accRewardsPerToken within the updatePool(address _lpToken) function, which uses storage. So now, within the updatePool(address _lpToken) function, the pool.accRewardsPerToken that is being updated increases a lot, since it was technically a new pool and not tied to the pool held in memory.
Because of this vulnerability and the mix-up between memory and storage, miner.rewardWriteoff within the deposit(address _lpToken, uint256 _amount) function is calculated incorrectly and uses the wrong pool.accRewardsPerToken, since we are still in the deposit function, which is working on an in-memory cached instance of pool.
In addition to the deposit function, anyone, e.g. Grap Finance, received an insane amount of minted tokens if they called the claimRewards(address _lpToken) function. This function, which is used to collect rewards, eventually calls _claimCoverRewards(pool storage pool, miner storage miner), which refers to the miner.rewardWriteoff we highlighted above. Because this variable is much smaller than the actual pool.accRewardsPerToken, the contract ends up minting a plethora of tokens.
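The memory/storage mix-up described above, reduced to a minimal Solidity contract with the flawed deposit beside a corrected one. This is an added example, not the Blacksmith.sol source: the contract name, the RATE and SCALE constants, and the simplified reward math are assumptions, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model written for this example; not the Blacksmith.sol source.
contract StakingSketch {
    struct Pool  { uint256 accRewardsPerToken; uint256 lastUpdatedAt; uint256 staked; }
    struct Miner { uint256 amount; uint256 rewardWriteoff; }

    uint256 constant RATE  = 1e18; // constructed value: reward units per second
    uint256 constant SCALE = 1e12; // constructed value: fixed-point scale

    mapping(address => Pool) public pools;
    mapping(address => mapping(address => Miner)) public miners;

    // Advances the accumulator and writes it to storage.
    function updatePool(address lpToken) public {
        Pool storage pool = pools[lpToken];
        if (pool.staked > 0) {
            pool.accRewardsPerToken +=
                (block.timestamp - pool.lastUpdatedAt) * RATE * SCALE / pool.staked;
        }
        pool.lastUpdatedAt = block.timestamp;
    }

    // Flawed: `pool` is a memory copy taken BEFORE updatePool() writes storage.
    function depositStale(address lpToken, uint256 amount) external {
        Pool memory pool = pools[lpToken];   // snapshot of the old accumulator
        updatePool(lpToken);                 // storage advances, snapshot does not
        Miner storage miner = miners[lpToken][msg.sender];
        miner.amount += amount;
        pools[lpToken].staked += amount;
        // Stale accumulator, so the write-off is too small.
        miner.rewardWriteoff = miner.amount * pool.accRewardsPerToken / SCALE;
    }

    // Corrected: update first, then read through a storage reference.
    function depositFixed(address lpToken, uint256 amount) external {
        updatePool(lpToken);
        Pool storage pool = pools[lpToken];
        Miner storage miner = miners[lpToken][msg.sender];
        miner.amount += amount;
        pool.staked += amount;
        miner.rewardWriteoff = miner.amount * pool.accRewardsPerToken / SCALE;
    }

    // Reward owed = share of the live accumulator minus the write-off.
    function pending(address lpToken, address who) external view returns (uint256) {
        Miner storage miner = miners[lpToken][who];
        return miner.amount * pools[lpToken].accRewardsPerToken / SCALE - miner.rewardWriteoff;
    }
}
```

Immediately after depositFixed, pending() is zero for a new staker; after depositStale it equals the staker's amount times the accumulator growth that the snapshot missed.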
Key Takeaways
CipherTrace hopes that this background on the exploited bug will shed light on the importance of thorough security reviews and pentests of smart contracts, regardless of the blockchain one decides to deploy them on. While Grap Finance returned the funds received through the exploit, the original hacker was still able to make off with over $4 million from the DeFi protocol, and the value of the COVER token has fallen nearly 99% since then.